BioID shares PAD research amid increase in digital injection attacks found by iProov
German biometric solutions provider BioID GmbH has shared new information about its presentation attack detection (PAD) solution that checks the authenticity of biometric features like faces rather than just a person’s liveliness and deploys a special texture-based algorithm for catching video replays.
Ann Kathrin Freiberg, manager of business development and marketing at BioID GmbH, discussed the solution in a new technical article (in German) published by Springer Nature, a German-British publishing firm.
“Several variations and combinations are used to detect deepfakes, including those based on AI Deep Convolutional Neural Networks (DCNNs), which classify photos according to the authenticity of their source.”
Freiberg explains that DCNNs are trained on large amounts of data to detect presentation attacks such as 3D paper and silicone masks, video on displays, video projections on various materials, etc.
“This method depends on the quality and variety of the training material but brings the most promising results for PAD.”
The biometric expert mentions BioID PhotoVerify as an example of a PAD solution that combines automatic ID card ownership verification with live detection, thus blocking unauthorized access and identity theft attempts.
In particular, the company’s face liveness detection algorithms capture two face images via standard cameras and check for changes and natural motion.
“A 3D face moves differently than a 2D photo, and our sophisticated motion-analysis algorithms detect this difference,” reads the BioID website.
Further, presentation attacks are detected via AI-based DCNNs, while video replays and other copies like avatars or deepfakes are identified with a special texture-based algorithm. Challenge-response liveness checks are also available as an option, the company writes.
Back to the paper, Freiberg adds that PAD technology is especially relevant now, considering a sharp increase in the adoption of digital ID services offered by various governments and companies following the Covid pandemic.
“Digital offers from governments and companies are now widespread. Bank accounts can be opened completely digitally, with bank employees hardly being or not at all involved in this process.”
Digital injection attacks continue to grow
New data by iProov suggested digital injection attacks are now five times more frequent than biometric presentation attacks.
The company’s CEO, Andrew Bud, unveiled similar figures in October last year (at the time, he said injection attacks were six times more frequent) at the Trust Services Forum/CA Day in Berlin. Now, iProov is expanding on the claims by releasing its latest Biometric Threat Landscape 2023 report.
The document also shows that attackers increasingly targeted mobile platforms (149 percent more in the second half of 2022), spoofing metadata and compromising once-trusted device data.
“The 149 percent increase in attacks using emulators posing as mobile devices is a good example of how attack vectors arrive and scale very quickly,” explains iProov CSO Andrew Newell.
“We have seen a rapid proliferation of low-cost, easy-to-use tools that have allowed threat actors to launch advanced, scalable attacks with limited technical skill. ”
Further, the iProov report highlights a sharp increase in deepfake attacks, particularly face swaps attacks aimed at impersonating victims for malicious purposes.
“In 2020, we warned of the emerging threat of deepfakes being digitally injected into camera feeds to impersonate an individual’s biometric verification process,” Bud says. “This report proves that deepfake attacks are now a reality.”
The CEO also warns that despite the availability of advanced machine-learning computer vision, many businesses are struggling to detect and triage these evolving attacks.
“Any organization that isn’t protecting its system against these threats needs to do so urgently, especially in high-risk identity verification scenarios,” Bud concludes.
He also recently commented on threats connected to digital ID and how these solutions can be used privately and securely.